MDEV-12834 mysql_secure_installation should ask about unix_socket authentication

Optionally, restore the default root authentication, that is
mysql_native_password USING 'invalid' OR unix_socket

1 files changed, 34 insertions, 2 deletions

diff --git a/scripts/mysql_secure_installation.sh b/scripts/mysql_secure_installation.sh
index 9b5298949f3..6441bbdabbd 100644
--- a/scripts/mysql_secure_installation.sh
+++ b/scripts/mysql_secure_installation.sh
@@ -420,8 +420,40 @@ get_root_password
 # Set the root password
 #
 
-echo "Setting the root password ensures that nobody can log into the MariaDB"
-echo "root user without the proper authorisation."
+echo "Setting the root password or using the unix_socket ensures that nobody"
+echo "can log into the MariaDB root user without the proper authorisation."
+echo
+
+while true ; do
+    if [ $emptypass -eq 1 ]; then
+	echo $echo_n "Enable unix_socket authentication? [Y/n] $echo_c"
+    else
+	echo "You already have your root account protected, so you can safely answer 'n'."
+	echo
+	echo $echo_n "Switch to unix_socket authentication [Y/n] $echo_c"
+    fi
+    read reply
+    validate_reply $reply && break
+done
+
+if [ "$reply" = "n" ]; then
+  echo " ... skipping."
+else
+  emptypass=0
+  do_query "UPDATE mysql.global_priv SET priv=json_set(priv, '$.plugin', 'mysql_native_password', '$.authentication_string', 'invalid', '$.auth_or', json_array(json_object(), json_object('plugin', 'unix_socket'))) WHERE User='root';"
+  if [ $? -eq 0 ]; then
+   echo "Enabled successfully!"
+   echo "Reloading privilege tables.."
+   reload_privilege_tables
+   if [ $? -eq 1 ]; then
+     clean_and_exit
+   fi
+   echo
+  else
+   echo "Failed!"
+   clean_and_exit
+  fi
+fi
 echo
 
 while true ; do